The first thing to look at when you get an email you are not expecting is how it is addressed. Ebay and paypal will always use your real name as registered with them, so any mail that starts 'dear user' or 'dear email address' is almost certainly a fake and you don't even have to read any further.

Any emails you receive that you are unhappy about can be sent to spoof@ebay.co.uk but be aware that they default to confirming that everything is a fake, even the real ones!

This post is work in progress so I will be back later to add more. However please feel free to add more posts to this thread. let's stay safe out there!

Just to add to Soolin's post, I work for PayPal UK's PR agency. PayPal takes the threat of phishing very seriously, so therefore we have put together some tips and produced a short film with PayPal's Global Chief Information Security Officer advising users how to avoid phishing emails and stay safe online.

1. Check your account! If a PayPal user is ever sent an email which seems you should log into your account and verify any activity before going ahead with any transactions.

2. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or button.

3. A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.

4. A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorised transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.

5. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar.

6. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.

7. Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/. If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name e.g. https://www.company.com.∑Always log in to PayPal by opening a new web browser and typing in the following: https://www.paypal.com/.∑Never log in to PayPal from a link in an email.

8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.

10. Pop-up boxes. PayPal will never use a pop-up box in an email as pop-ups are not secure.

11. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. PayPal will never email you an attachment or a software update to install on your computer.

If you receive a spoof email, forward the entire email - including the header information to spoof@paypal.com then delete it from your mailbox.

The Following 8 Users Say Thank You to Neil82 For This Useful Post:
Show me >>

Generally excellent information there Neil... but can you comment on the fact that ANY email sent to spoof@paypal.com will generate a 'Yes, this was a spoof email' response - even genuine paypal emails?

(Try it )

My TV is broken!
Edit: refunded £515 for TV 1.5 years out of warranty - thank you Sale of Goods Act!

Last edited by frivolous_fay; 22-11-2007 at 11:33 AM.

The Following 4 Users Say Thank You to frivolous_fay For This Useful Post:
Show me >>

In response to Neil, and especially to point number 4, I have to disagree entirely.

Some of you will be aware that I run a not for profit organisation and we use Paypal for donations and selling other items in our website shop. However, a few days before Christmas, we got an email out of the blue from 'compliance@paypal.com' saying that we needed to submit lots of different documents relating to our account in order to keep it fully active. I submitted all of those items by fax. They then emailed to say that they wanted more information and listed it, but since it was a day or so before xmas, I left it until a day after xmas to fax back. However, in the meantime (ie. over xmas itself!) they emailed to say our account had been restricted due to lack of response. It remains inactive and nobody can donate or buy from our site. They do not give surnames or a telephone number and yet ask for very personal account information. At first, I thought it was a hoax, but sure enough, they have, without rhyme or reason, suspended our account..over Christmas. I just feel thankful that we are not a business that relies on Paypal sales at xmas, but I'm still amazed that they can do this, esp since we've been operating the account for several months without any problems. We now can't even get the money out of the account that has already been donated.

I have been doing some research since then and found out that I am not the only one who is having problems. www.paypalsucks.com shows exactly why people should not use Paypal and why it is far from secure. Meanwhile, we remain in limbo and seem to have no way of resolving this or getting the tiny amount of money we had in our account.

The latest is, we have now been sent a survey done on behalf of Paypal which requests our feedback on the whole matter now that the limitation has been lifted. Since it hasn't actually been lifted at all, you can imagine our feedback.

Neil, trying to create good publicity out of a company that treats people in such a despicable manner must be a very hard and unrewarding job. You are convincing, but I'm afraid the truth speaks for itself - one only has to check the paypalsucks.com site to see how many others (some businesses that rely on Paypal) are suffering at the hands of this company.

this is a very real looking scam and they had my name and paypal e-mail and very authentic looking copy of paypal to try and recieve my details from ... They hope you would automatically hit the dispute transaction button and give them your password and bank details etc ... luckily I realised straight away and didn't give them any info and I have forwarded it to paypal spoof

I would like to know how they got my NAME and paypal address in the first place !!!!!

Please be careful

Last edited by finnerty; 20-01-2008 at 11:41 PM.

The Following 3 Users Say Thank You to finnerty For This Useful Post:
Show me >>

OMG I have just received this email. I am shaking like a leaf cos I thought someone had used my money! I am relieved that it is a scam (kind of) and I have done exactly the same as you - forward to paypal and didnt click on anything! Thanks for posting this - I really appreciate it

The Following 2 Users Say Thank You to bootsaholic For This Useful Post:
Show me >>

Apart from the excellent advice given above there is another way to quickly check for a spoof - so if somehow the email is addressed to you personally and not "Dear user" you just need to check the status bar of your web browser to see if the address shown there (which is the REAL address you'll be sent to) matches the one in the email.

Just hover your mouse over it - DO NOT CLICK and then look in the lower left of your browser.

If you hover over the link above you'll see what I mean - your status bar will show...

h ttp://Iamaspoofingswinetryingtorobyou.com

In any event - if you get any such sort of email it's better NOT to use the email to log on to your account but to log on in your usual way. Then when you go to the usual "Account details" link - if there's anything that needs fixing, changing, or updating they'll tell you on the site.

Hi, I'm a Board Guide on the Old Style and the Consumer Rights boards which means I'm a volunteer to help the boards run smoothly and can move and merge posts there. Board guides are not moderators and don't read every post. If you spot an inappropriate or illegal post then please report it to forumteam@moneysavingexpert.com. It is not part of my role to deal with reportable posts. Any views are mine and are not the official line of MoneySavingExpert.

Never ascribe to malice that which is adequately explained by incompetence.

DTFAC: Y.T.D = £5.20 Apr £0.50

Last edited by squeaky; 23-01-2008 at 11:03 PM.

The Following 4 Users Say Thank You to squeaky For This Useful Post:
Show me >>

i got one today, about my account needs reactivating.
very realistic looking but not addressed to me directly by name. just my email name.
i logged onto paypal by the proper method and sure enough, there was no dispute of any kind.

Notification of Limited Account AccessDear ormusxxxxx@yahoo.co.uk,
As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We recently received a report of unauthorized credit card use associated with this account. As a precaution, we have limited access to your PayPal account in order to protect against future unauthorized transactions.

Case ID Number: PP-464-725-244 In accordance with PayPal's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to follow our verification procedure as soon as possible to help avoid this.

Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

This is a final reminder to log in to PayPal as soon as possible.
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
PayPal Email ID PP638
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.PayPal Email ID PP638

To safely and securely access the PayPal website or your account, open a new web browser (e.g. Internet Explorer or Netscape) and type in the PayPal URL (https://www.paypal.com/row/) to be sure you are on the real PayPal site.

PayPal will never ask you to enter your password in an email.

For more information on protecting yourself from fraud, please review our Security Tips at https://www.paypal.com/row/s ecuritytips
Protect Your PasswordYou should never give your PayPal password to anyone, including PayPal employees.

------------------------------------------------------------------------notice how clever the url is, when you hover your mouse over the link.

I had a very realistic looking one the other day addressing me by my surname, which came to my inbox rather than spam, saying my account had been limited. Even though I was 99.9% certain it was a fake, I checked my account in a separate window and found nothing wrong, so I forwarded it to Paypal who confirmed with about 10 mins it was a fake.

Unfortunately I've deleted it so can't post it here, but it asked for the sort of documentation that Paypal would if your account was limited, but wanted it scanning and emailing.

I had an extremely clever one today, I would have fallen for it, if it wasn't for the fact my main email account is linked to a posting ID with one fb, and my main ebay account has a seperate email address just for that and Paypal!

Dear eBay Member,
Congratulations! Your recent selling activity entitles you to Bronze status in the eBay PowerSeller Program. Please visit www.ebay.com/powerseller and sign in to activate your free membership to enjoy these great benefits and services:

See the PowerSeller icon next to your User ID Free seller support via Live Chat, 24 hours a day, 7 days a week for all Bronze PowerSellers. If you also meet the annual volume requirement, you are also eligible for phone support. Log in to the PowerSeller portal for the most updated information on your customer support options.Get exclusive offerings on the PowerSeller portal--check back often for updates!Network on the exclusive PowerSeller Discussion Board.Download free business templates for PowerSeller business cards and letterhead.

Be sure to sign up today--it's FREE! Visit www.ebay.com/powerseller and click "Member Sign In."Again, congratulations and best wishes for your continued success!Sincerely,
eBay PowerSeller Team eBay sent this communication to you because of your outstanding feedback, high sales, and good account standing. If you would not like to be invited to join the PowerSeller program, follow the directions above, click "Member Sign In", and then click "Decline" at the bottom of the page. Please note that it may take up to 10 days to process your request.

Hi cant believe what ive just done looking through emails there was 1 from paypal or so i thought saying my payment for leatherbound books $199 is been processed click on this link if you want to cancel stupidly i did and put paypal password in before it dawned on me you are not supposed to click on it
then it asked me for bank details which i didnt give thankfully but ive changed my password and cancelled my bank card is there anything else i should do :confused:

Important! How this site works

We think it's important you understand the strengths and limitations of the site. We're a journalistic website and aim to provide the best MoneySaving guides, tips, tools and techniques, but can't guarantee to be perfect, so do note you use the information at your own risk and we can't accept liability if things go wrong.

This info does not constitute financial advice, always do your own research on top to ensure it's right for your specific circumstances and remember we focus on rates not service.

We don't as a general policy investigate the solvency of companies mentioned (how likely they are to go bust), but there is a risk any company can struggle and it's rarely made public until it's too late (see the section 75 guide for protection tips).

We often link to other websites, but we can't be responsible for their content.

Always remember anyone can post on the MSE forums, so it can be very different from our opinion.

MoneySavingExpert.com is part of the MoneySupermarket Group, but is entirely editorially independent. Its stance of putting consumers first is protected and enshrined in the legally-binding MSE Editorial Code.